Hackers Expose Truist Bank's Data on Dark Web, Confirming October Breach

Truist Bank, a premier U.S. commercial bank headquartered in Charlotte, North Carolina, has confirmed its systems were breached in a cyberattack in 2023.

The data breach became impossible to ignore after a threat actor published some of the data stolen from the bank on a cybercrime forum. The bank, founded from the merger of BB&T and SunTrust Bank in December 2019, is currently a top-10 commercial bank with assets totaling $535 billion.

Threat Actors Sells Data of 65,000 Truist Bank Employees on Hacking Forum

Sp1d3r, the threat actor responsible for the leak, is allegedly selling stolen data including private info of approximately 65,000 employees, at an asking price of $1 million for the bulk of it.

The perpetrator claims the data dump also contains bank transactions with names, account numbers, balances, and IVR funds transfer source code. However, the claims couldn’t be verified.

Bank Launched Investigation After October Breach, Notified Clients

​BleepingComputer cited a Truist Bank representative as saying: "In October 2023, we experienced a cybersecurity incident that was quickly contained. In partnership with outside security consultants, we conducted a thorough investigation, took additional measures to secure our systems, and notified a small number of clients last Fall.”

The spokesperson also said the bank has notified additional clients based on new information unveiled by the investigation. Furthermore, the bank has reportedly found no evidence of fraud resulting from the incident.

Mitigating Data Breaches and The Importance of Damage Control

Although good cyber hygiene can help mitigate the risk of data leaks, data breaches can occur unexpectedly and indiscriminately despite stringent preventive efforts. Consequently, instead of solely relying on preventive strategies, it may be necessary to manage the aftermath. In such situations, specialized software can prove invaluable.

Bitdefender Digital Identity Protection, for instance, provides an extensive overview of your online data, including traces of data from no longer-used services. It lets you check the extent of your digital footprint, notifies you of data breaches involving your data, and instantly patches weak points in your online presence.